Use the Automated Correlation Engine
The automated correlation engine is an analytics tool that uses the logs on the firewall to detect actionable events on your network. The engine correlates a series of related threat events that, when combined, indicate a likely compromised host on your network or some other higher level conclusion. It pinpoints areas of risk, such as compromised hosts on the network, allows you to assess the risk and take action to prevent exploitation of network resources. The automated correlation engine uses correlation objects to analyze the logs for patterns and when a match occurs, it generates a correlated event.
The following models support the automated correlation engine:
- Panorama—M-Series appliances and virtual appliances
- PA-7000 Series firewalls
- PA-5200 Series firewalls
- PA-5000 Series firewalls
- PA-3000 Series firewalls